Who is Liable for ATM Card Fraud? (An EMV Update for Credit Unions)

When it comes to fighting U.S. card fraud, EMV is living up to all its promises. In fact, creditcards.com reports that, as of May 2016, chip-enabled merchants nationwide had reported a 47 percent reduction in counterfeit fraud annually, according to statistics released by Visa.

As of April 2016, EMV-compliant merchants within MasterCard’s network reported a 54 percent annual decrease in counterfeit card fraud – while merchants without EMV security saw counterfeit fraud rise by 77 percent year over year.

With cardholders and merchants embracing EMV chip technology in growing numbers, many consumers may wonder why their credit union’s ATMs are still limited to magstripe transactions.

That paradigm is about to change.

“Based on the ATMIA 2016 ATM Channel EMV Readiness survey, nearly 90 percent of U.S. ATM owners have performed hardware and software analysis or made purchases needed to upgrade or replace their ATMs in order to support EMV,” said Terry Pierce, Senior Product Manager for CO-OP Financial Services.

By year-end, the same ATMIA survey estimates up to 60 percent of ATMs nationwide will be EMV-enabled, with almost 80 percent supporting EMV by the end of 2017.

“If your credit union is not reflected in these percentages, you need to contact your ATM vendor or a third-party provider to get started with the upgrade,” she said.

And the sooner the better, Pierce adds, noting that MasterCard’s EMV liability shift for ATMs went into effect in October and Visa’s is set for October 2017.

“If your ATMs are not in compliance with these mandates, you will be liable for any fraud that occurs when an EMV card is inserted,” she said. “Consider also that, as EMV becomes more common at the ATM, machines without its protection will be even more susceptible to card skimming. You do not want to be the last holdout.”

Where Credit Unions Stand Today

According to Pierce, credit unions lag slightly behind megabanks in terms of upgrading their ATMs.

“This is to be expected because larger banks are typically given priority with vendors due to the sheer size of their fleets and budgets,” she said. “Many large banks also have deep internal resources they can tap to develop the technology, which makes them less dependent on their vendors as well.”

She adds that the expense involved in these projects is keeping a small percentage of credit unions from upgrading.

“While that is the case, we tend to see this dynamic more with independent ATM operators,” said Pierce. “Many of these businesses can’t cost justify the upgrade – and in some instances, the machines they have deployed are simply unable to support EMV.”

Securing Member Data Takes More Than EMV

While an EMV-enabled ATM is well protected from card skimming, Pierce reminds credit unions that card fraud is not going away any time soon.

“Criminals are already shifting their efforts to card-not-present fraud, which means your members should take every precaution with online and mobile transactions,” she said. “As a credit union, you can help them stay safe in cyberspace by providing member education on security best practices.”

According to Pierce, members should be advised to vary user names and passwords across sites, and to avoid providing any personal or account data to a business they don’t recognize.

According to Pierce, one of the tools in this space very effectively prevent fraud by allowing members to monitor and control card usage themselves.

“For example, members can restrict transactions to certain merchants, merchant types, geographic areas, dollar amounts and times of day,” she said. “They can also authorize or deny transactions before they are carried out, and temporarily turn cards ‘off’ when they are not in use.”

Pierce continued, “As a credit union, serving members well truly begins and ends with securing their data. While security innovations such as EMV are essential in the fight against card fraud, your best defense is always an informed, engaged and vigilant member.”

John Buzzard hosts CO-OP’s FraudBuzz webinar on the third Thursday of every month. Update yourself on the latest security issues – and collaborate on solutions. For information, click the banner below.